After a Wall Street Journal story last week about Google bypassing the privacy settings on Apple’s Safari Web browser, Microsoft has written a blog post accusing Google of doing similar things on Internet Explorer.

But what is happening on IE is a bit different, and it involves a problem that has been known about for some time by Microsoft and privacy researchers.

Here’s what’s going on: By default, IE is designed to block little files called “cookies” if they come from tracking companies. But the way it does this is fairly complicated.

IE uses something called P3P – the Platform for Privacy Preferences Project – a computer protocol that allows websites to share their privacy policies with the Web browser, rather than forcing the user to read each policy. P3P is a good idea, but it’s one that has never really caught on, and other Web browsers don’t support it.

IE supports P3P by default; if a Web company tells IE that it tracks users, or if it doesn’t have a P3P policy at all, IE stops it from placing “third party” cookies, the kind usually used by advertisers and tracking companies.

But there’s a big loophole in this setting: If a Web company doesn’t follow the right format in its P3P policy, it’s allowed to set cookies anyway. The P3P policy for Google.com simply says “This is not a P3P policy!” and then provides a link to a further explanation.

Privacy researchers have been complaining for years about this IE loophole and the companies that use it. Lorrie Cranor, a professor at Carnegie Mellon University, wrote a blog post on Saturday pointing out yet again that “lots of companies do this,” including Google and Facebook. She also has been calling on Microsoft to make changes to close the loophole.

Back in 2010, Ms. Cranor’s research team found that thousands of sites, including a few of Microsoft’s own, had problems in their P3P policies that allowed them to set cookies in IE. Many of the problems were due to typos and other mistakes; others were found to be deliberate misrepresentations.

Generally, nobody has put a stop to this, but Microsoft said in its Monday post that it is now “actively investigating” whether to prevent the setting of cookies in these circumstances.

The link provided by Google explains that the company doesn’t follow the P3P syntax for Google.com because doing so interferes with things like +1 social networking buttons and with Google gadgets on iGoogle.

Google’s advertising technology – doubleclick.net and googleadservices.com – follows the P3P protocol, according to the Journal’s tests. This makes the IE situation different from the one on Safari, where Google put its doubleclick.net advertising trackers on people’s computers in spite of Safari’s privacy settings.

Google did not immediately respond to a request for comment.

Facebook’s page about P3P says the following: “the P3P standard is now out of date and does not reflect technologies that are currently in use on the web.”

And it’s worth pointing out that Microsoft has been eager to attack Google over privacy missteps, even taking out ads about Google’s new privacy policy.

Still, Ms. Cranor says such behavior “looks like a circumvention.”

So what should you take away from all this brouhaha about cookies and P3P and IE and Safari? Simple: Keeping track of your privacy preferences online is complicated to the point of being nearly impossible.

Every time a tool attempts to block something – like tracking cookies – companies come up with workarounds. And sometimes these privacy tools end up creating problems for honest Web developers, further complicating the situation.

Microsoft, for its part, is using the recent controversies to point users to its Tracking Protection Lists, a new feature in IE9 that lets users create lists to block trackers. Microsoft even introduced a new one on Monday that aims to block Google tracking. These lists block more than just cookies and aim to prevent any requests at all from tracking companies.